Dumping the data – in an error-based scenario

Let's go back to the previously discussed example, and now we shall exploit the vulnerability using the error-based technique of SQLMap to list the database user and list of databases as follows:

./sqlmap.py -u http://192.168.50.2/Less-1/?id=2 --current-user

The output is shown in the following screenshot:

Dumping the data – in an error-based scenario

Impressive! The current database user pointed out by SQLMap is root.

Now let us print the list of databases present using --dbs switch as follows:

./sqlmap.py -u http://192.168.50.2/Less-1/?id=2 --dbs

The output is shown in the following screenshot:

Once we have the list of databases available, it may be ...

Get Mastering Modern Web Penetration Testing now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.